IT Auditing and Security Controls Quiz

Questions and Answers

What is a major difficulty with reviewing web applications?

The speed of web application development

The lack of skilled reviewers

The number of possible interacting components (correct)

The complexity of the website's design

What should be verified regarding the web server's operation?

It is compatible with all browsers

It has the latest hardware components

It is running on a dedicated system (correct)

It has a high bandwidth connection

What should be reviewed in terms of policies and procedures?

User interface design

Customer feedback mechanisms

Marketing strategies

Appropriate & timely updates (correct)

What should be verified regarding unnecessary services and modules?

They are removed or disabled

How should running services and modules operate?

Under the least privileged accounts

Study Notes

Evolving Internal Control Areas Impacting IT and IT Auditing

• A complete web audit consists of three primary components: the server operating system, web server, and web application.
• Web servers are common targets and are difficult to properly secure, often containing sensitive data.
• The complexity of web applications makes reviewing them challenging due to the numerous interacting components.
• It is important to verify that the web server is running on a dedicated system and not in conjunction with other critical applications.
• Administrators should discuss with the administrator the applications on the same host as the web server to understand the legitimate needs and scope of audit.
• It is crucial to ensure that the web server is fully patched and updated with the latest approved code.
• Policies and procedures for appropriate and timely updates need to be reviewed during the audit.
• It is important to verify that unnecessary services, modules, objects, and APIs are removed or disabled, and running services and modules should operate under the least privileged accounts.
• The audit should verify that unnecessary services are disabled and that running services operate under the least privileged accounts.

Description

Test your knowledge of evolving internal control areas impacting IT and IT auditing with this quiz on Auditing and Security Controls. Explore topics such as web, cloud, virtualization, mobile, and IoT to enhance your understanding of the latest trends in IT auditing.